Tedi HeriyantoNov 3, 2024

ShimCache vs AmCache: Key Windows Forensic Artifacts: https://www.magnetforensics.com/blog/shimcache-vs-amcache-key-windows-forensic-artifacts/

#digitalforensics #WindowsForensics #shimcache #amcache

ShimCache vs AmCache: Key Windows Forensic Artifacts - Magnet Forensics

Discover the forensic value of ShimCache & AmCache on Windows systems to track program execution, build timelines, and uncover cyber threats.

Magnet Forensics
13reak Apr 17, 2023

#dfir #question

Recently had an analysis where neither #amcache nor #shimcache showed an executable. However, the executable definitely ran.

Anyone knows when this happens? (might be connected: I'm not sure if the user was logged in interactively)